<?xml version="1.0" encoding="UTF-8"?>
<!--
  SpotBugs / FindSecBugs exclusion filter for the MS-specific eIDAS connector.
  Every Match below silences one security detector for the named code, so each
  entry records the stated justification. Re-check an entry whenever the
  referenced class or method changes, because the detector will not report
  regressions there.
-->
<FindBugsFilter>
  <Match>
    <!--
      XSS_SERVLET is suppressed for MonitoringController.startSingleTests.
      Stated rationale: only the application status is written into the response.
      This holds only as long as no request-derived value is echoed into that
      response.
      Should be removed if we switch to Spring Actuator.
    -->
    <Class name="at.asitplus.eidas.specific.connector.controller.MonitoringController" />
    <Method name="startSingleTests" />
    <Bug pattern="XSS_SERVLET" />
  </Match>
  <Match>
    <!--
      SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING is suppressed for two endpoints.
      Stated rationale: CSRF protection is implemented by pendingRequestId, which
      is a one-time token. The endpoint for metadata generation can be
      unrestricted by design.
      NOTE(review): the children of a Match are combined with AND, so the two OR
      groups cover either method name in either class (four combinations), not
      one class/method pair each. One Match per pair would keep the suppression
      as narrow as the rationale; confirm which method belongs to which class
      before splitting.
    -->
    <OR>
      <Class name="at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController" />
      <Class name="at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint" />
    </OR>
    <OR>
      <Method name="performGenericAuthenticationProcess" />
      <Method name="pvpMetadataRequest" />
    </OR>
    <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />
  </Match>
  <Match>
    <!--
      PATH_TRAVERSAL_IN is suppressed for the application context initializer.
      Stated rationale: the path to the application configuration is trusted.
      NOTE(review): there is no Method element, so the suppression covers every
      file access in this class, including ones added later. It assumes the path
      is set by the operator and never derived from request data; confirm
      against the initializer.
    -->
    <Class name="at.asitplus.eidas.specific.connector.MsSpecificSpringBootApplicationContextInitializer" />
    <Bug pattern="PATH_TRAVERSAL_IN" />
  </Match>
</FindBugsFilter>